N.M. preps ID management system

Related Links

New Mexico soon will implement a centralized, enterprise identity management platform so that citizens and employees can access Web applications more securely.

"They've got a huge amount of legacy systems and they're all disconnected, running on different operating platforms, different services on the back end, and they just don't work together, and there's no comprehensive security mechanism to control security for all of these applications," said Nand Mulchandani, co-founder and chief technology officer for Cupertino, Calif.-based Oblix Inc., a developer of identity-based products for the public and private sectors.

"When you basically slap on a portal on the front to gain unified access to each of these back-end applications, the portal has to be this sort of single place of authenticating, identifying and controlling access to these different things ... and that's what we do," he added.

Oblix's NetPoint solution, Mulchandani said, will help the state's network administrators better manage the security platform's authentication and authorization pieces. State officials plan to implement the solution within the next 30 days.

As the state launches more online transactional applications for a well-defined group of users, then making sure who they are and whether they're authorized to use the application will become more important, Mulchandani said. "Every click that you're making on the application side, we're absolutely checking to see whether you're authorized to use that URL," he said.

From a network administrator's vantage point, it's also easier to manage employee and other user profiles, improving efficiency and eventually decreasing costs.

For example, if a New Mexico employee authorized to use certain systems leaves his or her job, a network administrator can revoke access rights or change the user's profile across the board. "So the minute your profile changes, your entire security profile and what you can do changes immediately," Mulchandani said.

NetPoint, he added, also could integrate whatever authentication security government agencies require, from digital certificates to biometric identifiers.

"The trend we're basically seeing is that government is essentially doing what large [companies] have been doing for the past couple of years, which is basically moving more and more of their processes online and away from telephones and people waiting in lines and offices," Mulchandani said.

However, the number of users for government services are much greater than at a company and governments tend to have more of a legacy infrastructure, spurring the need for more Web services to bridge and make better use of the systems, he said.